Hah. I've encountered a couple just like this recently when I hit the refresh button. Thought "House numbers? As captchas? That's weird." But think it's a much better approach to use text + graphic instead of the decayed text we've been dealing with lately.

Given one of the original goals of reCaptcha to help in improving OCR for books, in addition to acting as a captcha, wouldn't simply limiting to numbers detract from that?

Yeah, it seems like this is pointless "we already know you are human but instead of just letting you on by we are going to annoy you with a captcha that doesn't even have the benefit of improving OCR. Have a nice day!"

Given one of the original goals of reCaptcha to help in improving OCR for books, in addition to acting as a captcha, wouldn't simply limiting to numbers detract from that?

Yeah, it seems like this is pointless "we already know you are human but instead of just letting you on by we are going to annoy you with a captcha that doesn't even have the benefit of improving OCR. Have a nice day!"

They probably can sniff your IP and know that you are likely a human, but a lot of people scrape websites, databases, etc. with scripts. Thus they don't want to let their guard down completely. Think of it as the difference between going commando and wearing a thong.

Obviously for google recaptcha is merely a way to track what sites you visit and actively interact with, and that's the reason they will always serve them even when you are clearly a human.It's not like google's activities are secret.

Yeah, it seems like this is pointless "we already know you are human but instead of just letting you on by we are going to annoy you with a captcha that doesn't even have the benefit of improving OCR. Have a nice day!"

I expect that the real explanation was right in the snippet that Ars quoted:

"[reCaptchas serve as] more as a medium of engagement to elicit a broad range of cues that characterize humans and bots"

The reCaptcha makes you pause, move your mouse, click, and type. I should really go look at their Javascript, but I'd bet a dollar that they're taking some of the details of those actions and sending them to Google along with what you actually type in the field.

We've asked Google why a CAPTCHA would be necessary at all if the company already knows you're human, but we haven't received an answer yet.

You probably won't get an answer. Google doesn't want to admit that captchas are used just as often for monetization - annoying people into paying for some desired content - as authorization. While it may no longer be necessary as an authorization tool, it's still handy for annoyance and monetization.

Here's a ReCaptcha trick. You only need to type one of the words correctly. For the image you can just enter whatever you want. If both words are text, the text that looks different than "normal" is the fake one. Saves a bit of time when entering catcphas and also trolls Google.

Hah. I've encountered a couple just like this recently when I hit the refresh button. Thought "House numbers? As captchas? That's weird." But think it's a much better approach to use text + graphic instead of the decayed text we've been dealing with lately.

Given one of the original goals of reCaptcha to help in improving OCR for books, in addition to acting as a captcha, wouldn't simply limiting to numbers detract from that?

Yeah, it seems like this is pointless "we already know you are human but instead of just letting you on by we are going to annoy you with a captcha that doesn't even have the benefit of improving OCR. Have a nice day!"

As stated in the quote above, they perform risk analysis based on how you interact with the captcha that helps them determine if someone is human or not. I'm not sure how it is "pointless" when the entire process hinges around the captcha still.

Given one of the original goals of reCaptcha to help in improving OCR for books, in addition to acting as a captcha, wouldn't simply limiting to numbers detract from that?

You'll notice that reCAPTCHA text isn't fuzzy like CAPTCHA's. I don't believe reCAPTCHA is used to decipher books, that text is now computer generated. That was one of the original CAPTCHA's purposes but it was dumped as bots adapted.

I don't see how hard it would be for bots to defeat this new algorithm. All they have to do is slow themselves down to human pace, fuzz the timing a little, and maybe incorporate a little inertial acceleration into simulated mouse movements.

Given one of the original goals of reCaptcha to help in improving OCR for books, in addition to acting as a captcha, wouldn't simply limiting to numbers detract from that?

Yeah, it seems like this is pointless "we already know you are human but instead of just letting you on by we are going to annoy you with a captcha that doesn't even have the benefit of improving OCR. Have a nice day!"

You can still do scripting to automate your desktop that should be indistinguishable from how a user works (though repeating the same task many times with all the same time delays could give it away). I do it on both Mac and Win (unfortunately don't get payed to do it on Linux but I believe the Mac method was a derivation of a Linux or Unix project) for automating user interface testing that gets done before any release.

The problem is all the people who don't use these captchas like they're intended to be used. You only need to enter the "Known" value to make a reCaptcha work. You can type anything you like for the other value.

When it was two separate blocks of letters, it was harder to tell which was the reCaptcha and which was the unknown text. Now you know you just have to enter the computer generated number and can enter anything you please for the rest.

While this makes it easier for those who only enter the one needed correct value, it may cause more people to enter random or incorrect text for the unknown.

I used to run a discussion forum. I had reCaptcha installed, and the spam just kept flowing like the captcha wasn't even there. It wasn't until I started making users answer a question that only group members would know the answer to that the spam stopped.

We've asked Google why a CAPTCHA would be necessary at all if the company already knows you're human, but we haven't received an answer yet.

You probably won't get an answer. Google doesn't want to admit that captchas are used just as often for monetization - annoying people into paying for some desired content - as authorization. While it may no longer be necessary as an authorization tool, it's still handy for annoyance and monetization.

They tell you in the statement (vaguely):

Quote:

the distorted letters serve less as a test of humanity and more as a medium of engagement to elicit a broad range of cues that characterize humans and bots

So it's the way you respond to the captcha, not the content of the response, that they're measuring.

I used to run a discussion forum. I had reCaptcha installed, and the spam just kept flowing like the captcha wasn't even there. It wasn't until I started making users answer a question that only group members would know the answer to that the spam stopped.

There's an awful lot of human-generated (or at least, human-posted) spam out there that isn't really slowed by the sorts of things meant to stop robots. CAPTCHA is useful for getting rid of the bargain-basement spam-bots and slowing everyone else down to human speeds, but it's definitely not a silver bullet.